In a previous post I have shared a list of a specific attacks that can be executed in every VoIP engagement. The list contained also Testing for Default Credentials (VoIP-009) so the following table with common credentials for various VoIP devices has been created to assist with this specific type of test.

Vendor

VoIP Device

Username

Password

Acme

Packet 4600

admin

packet

Alcatel

4400 PBX

kermit

kermit

Asterisk

AsteriskNow

Admin

admin

Avaya

IP Office 500

Administrator

Administrator

Avaya

Aura Conferencing

admin

admin

Cisco

CallManager

admin

admin

Cisco

SPA122

admin

admin

Cisco

Unified Communications 500

cisco

cisco

Cisco

IP Conference Station 7936

administrator

**#

Grandstream

UCM6102

admin

admin

Mitel

3300 PBX

system

password

Mitel

SX-200

installer

1000

Mitel

SX-2000

system

password

Mitel

Aastra 6737i/6739i

admin

22222

Polycom

DMA 7000

admin

admin

Polycom

Soundstation IP6000

Polycom

456

Polycom

Soundstation IP5000

admin

456

Sonus

SBC Platform Manager

admin

Sonus12345

Snom

Snom One

admin

Yealink

All Phones

admin

admin

The default password list for VoIP devices can be found also in GitHub.